[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jul 30 10:07:47 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d102e7e6 by Moritz Muehlenhoff at 2024-07-30T11:07:26+02:00
bookworm/bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -423,7 +423,8 @@ CVE-2024-6124 (Reflected XSS in M-Files Hubshare before version 5.0.6.0 allowsan
CVE-2024-4848
REJECTED
CVE-2024-41881 (SDoP versions prior to 1.11 fails to handle appropriately some paramet ...)
- - sdop <unfixed>
+ - sdop <unfixed> (unimportant)
+ NOTE: Crash in CLI tool, no security impact
NOTE: https://github.com/PhilipHazel/SDoP/commit/ff83d851b4b39ff2fd37ab2ab14365649515b023
CVE-2024-41819 (Note Mark is a web-based Markdown notes app. A stored cross-site scrip ...)
NOT-FOR-US: Note Mark
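Review bot: the sdop entry for CVE-2024-41881 stays `<unfixed>` while the description says versions prior to 1.11 are affected and the NOTE links an upstream fix commit. Consider recording the fixed upstream version next to the commit URL, as the python-zipp entry does with `(v3.19.1)`, so the entry can be closed once a fixed upload arrives.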
@@ -5828,6 +5829,8 @@ CVE-2024-5793 (The Houzez Theme - Functionality plugin for WordPress is vulnerab
NOT-FOR-US: WordPress plugin
CVE-2024-5569 (A Denial of Service (DoS) vulnerability exists in the jaraco/zipp libr ...)
- python-zipp 3.19.2-1
+ [bookworm] - python-zipp <no-dsa> (Minor issue)
+ [bullseye] - python-zipp <no-dsa> (Minor issue)
NOTE: https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd (v3.19.1)
CVE-2024-5549 (A CORS misconfiguration in the stitionai/devika repository allows atta ...)
NOT-FOR-US: stitionai/devika
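Review bot: the two `<no-dsa> (Minor issue)` lines added for python-zipp carry no rationale for treating the DoS as minor in bookworm and bullseye. A one-line NOTE stating the reason, in the style of "Crash in CLI tool, no security impact" used for CVE-2024-41881 in this same commit, would help whoever revisits the entry for a point release.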
@@ -6153,6 +6156,8 @@ CVE-2024-6523 (A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has b
NOT-FOR-US: ZKTeco BioTime
CVE-2024-6505 (A flaw was found in the virtio-net device in QEMU. When enabling the R ...)
- qemu <unfixed> (bug #1075919)
+ [bookworm] - qemu <no-dsa> (Minor issue)
+ [bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2295760
CVE-2024-6298 (Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Li ...)
NOT-FOR-US: ABB
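Review bot: the qemu entry for CVE-2024-6505 is now `<no-dsa>` for both stable suites, but its only reference is the Red Hat Bugzilla URL and the unstable line is still `<unfixed>`. Suggest adding a NOTE with the upstream fix commit once it is known, so a later backport via a point release has something concrete to pick.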
=====================================
data/dsa-needed.txt
=====================================
@@ -88,6 +88,8 @@ ruby-sinatra/oldstable
--
ruby-tzinfo/oldstable
--
+setuptools
+--
squid
--
tinyproxy/oldstable
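Review bot: the added `setuptools` entry in data/dsa-needed.txt has no suite suffix and no accompanying note, and nothing in the data/CVE/list hunks of this commit mentions setuptools. A short note under the package name naming the CVE that prompted the entry would let readers of the file see why an update is wanted without searching the CVE list.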
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d102e7e6f0f05d85be171321aa44871720cbf1ad